PassLeader just published the NEWEST Fortinet NSE7 exam dumps! And, PassLeader offer two types of the NSE7 dumps — NSE7 VCE dumps and NSE7 PDF dumps, both VCE and PDF contain the NEWEST NSE7 exam questions, they will help you PASSING the Fortinet NSE7 exam easily! Now, get the NEWEST NSE7 dumps in VCE and PDF from PassLeader — http://www.passleader.com/nse7.html (40 Q&As Dumps –> 97 Q&As Dumps)
What’s more, part of that PassLeader NSE7 dumps now are free — https://drive.google.com/open?id=0B-ob6L_QjGLpZk45YTEzNVBoMGc
QUESTION 16
An administrator added the following Ipsec VPN to a FortiGate configuration:
configvpn ipsec phasel -interface
edit “RemoteSite”
set type dynamic
set interface “portl”
set mode main
set psksecret ENC LCVkCiK2E2PhVUzZe
next
end
config vpn ipsec phase2-interface
edit “RemoteSite”
set phasel name “RemoteSite”
set proposal 3des-sha256
next
end
However, the phase 1 negotiation is failing. The administrator executed the IKF real time debug while attempting the Ipsec connection. The output is shown in the exhibit.
What is causing the IPsec problem in the phase 1?
A. The incoming IPsec connection is matching the wrong VPN configuration
B. The phrase-1 mode must be changed to aggressive
C. The pre-shared key is wrong
D. NAT-T settings do not match
Answer: C
QUESTION 17
Examine the IPsec configuration shown in the exhibit; then answer the question below.
An administrator wants to monitor the VPN by enable the IKE real time debug using these commands:
diagnose vpn ike log-filter src-addr4 10.0.10.1
diagnose debug application ike -1
diagnose debug enable
The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged between both Ipsec gateways. However, the IKE rea time debug does NOT show any output. Why isn’t there any output?
A. The IKE real time debug shows the phases 1 and 2 negotiations only. It does not show any more output once the tunnel is up.
B. The log-filter setting is set incorrectly. The VPN’s traffic does not match this filter.
C. The IKF real time debug shows the phase 1 negotiation only. For information after that, the administrator must use the IPsec real time debug instead: diagnose debug application ipsec -1.
D. The IKE real time debug shows error messages only. If it does not provide any output, it indicates that the tunnel is operating normally.
Answer: A
QUESTION 18
Examine the output of the ‘get router info ospf interface’ command shown in the exhibit; then answer the question below.
Which statements are true regarding the above output? (Choose two.)
A. Theport4 interface is connected to the OSPF backbone area.
B. The local FortiGate has been elected as the OSPF backup designated router.
C. There are at least 5 OSPF routers connected to the port4 network.
D. Two OSPF routers are down in the port4 network.
Answer: AD
Learning the PassLeader NSE7 dumps with VCE and PDF for 100% passing Fortinet certification — http://www.passleader.com/nse7.html (40 Q&As Dumps –> 97 Q&As Dumps)
BONUS!!! Download part of PassLeader NSE7 dumps for free — https://drive.google.com/open?id=0B-ob6L_QjGLpZk45YTEzNVBoMGc